adplus-dvertising

Welcome to the Exploiting and Pivoting MCQs Page

Dive deep into the fascinating world of Exploiting and Pivoting with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Exploiting and Pivoting, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Exploiting and Pivoting, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

frame-decoration

Check out the MCQs below to embark on an enriching journey through Exploiting and Pivoting. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Exploiting and Pivoting. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Exploiting and Pivoting MCQs | Page 12 of 13

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Q111.
Ian’s penetration test rules of engagement specify that he cannot add tools to the systems he compromises in a specific target environment. What techniques will he have to use to meet this requirement?

a.

Compromise using a fileless malware package, then cover his tracks and clean up any files he uses.

b.

Compromise using a known exploit and dropper from Metasploit, then use living-off-the-land techniques.

c.

Compromise using a fileless malware package, then use living-off-the-land techniques.

d.

Compromise using a known exploit and dropper from Metasploit, then clean up the dropped files and only use system utilities for further work.

Discuss
Answer: (c).Compromise using a fileless malware package, then use living-off-the-land techniques. Explanation:A combination of fileless malware and living-off-the-land techniques that use native tools and utilities will help Ian ensure that he meets the rules of engagement of the penetration test he is conducting. Even cleaning up files will violate those rules, meaning that Ian should not add tools even if he is confident in his ability to clean them up after he is done. A Metasploit dropper leaves files behind, which means both answers that use this do not meet the requirements.
Q112.
Tina has acquired a list of valid user accounts but does not have passwords for them. If she has not found any vulnerabilities but believes that the organization she is targeting has poor password practices, what type of attack can she use to try to gain access to a target system where those usernames are likely valid?

a.

Rainbow tables

b.

Dictionary attacks

c.

Thesaurus attacks

d.

Meterpreter

Discuss
Answer: (b).Dictionary attacks Explanation:Tina may want to try a brute-force dictionary attack to test for weak passwords. She should build a custom dictionary for her target organization, and she may want to do some social engineering work or social media assessment upfront to help her identify any common password selection behaviors that members of the organization tend to display.
Q113.
What built-in Windows server administration tool can allow command-line PowerShell access from other systems?

a.

VNC

b.

PowerSSHell

c.

PSRemote

d.

RDP

Discuss
Answer: (c).PSRemote Explanation:PSRemote, or PowerShell Remote, provides command-line access from remote systems. Once you have established a remote trust relationship using valid credentials, you can use PowerShell commands for a variety of exploit and information gathering activities, including the use of dedicated PowerShell exploit tools.
Q114.
John wants to retain access to a Linux system. Which of the following is not a common method of maintaining persistence on Linux servers?

a.

Scheduled tasks

b.

Cron jobs

c.

Trojaned services

d.

Modified daemons

Discuss
Answer: (a).Scheduled tasks Explanation:The Windows task schedule is used for scheduled tasks. On Linux, cron jobs are set to start applications and other events on time. Other common means of creating persistent access to Linux systems include modifying system daemons, replacing services with Trojaned versions, or even simply creating user accounts for later use.
Q115.
Tim has selected his Metasploit exploit and set his payload as cmd/unix/generic.
After attempting the exploit, he receives the following output. What went wrong?

a.

The remote host is firewalled.

b.

The remote host is not online.

c.

The host is not routable.

d.

The remote host was not set.

Discuss
Answer: (d).The remote host was not set. Explanation:Metasploit needs to know the remote target host, known as rhost, and this was not set. Tim can set it by typing set rhost [ip address] with the proper IP address. Some payloads require lhost, or local host, to be set as well, making it a good idea to use the show options command before running an exploit.
Q116.
Cameron runs the following command via an administrative shell on a Windows system he has compromised. What has he accomplished?

$command = 'cmd /c powershell.exe -c Set-WSManQuickConfig -Force;Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True;SetItem WSMan:\localhost\Service\AllowUnencrypted -Value $True;Register-PSSessionConfiguration -Name Microsoft.PowerShell -Force'

a.

He has enabled PowerShell for local users.

b.

He has set up PSRemoting.

c.

He has disabled remote command-line access.

d.

He has set up WSMan.

Discuss
Answer: (b).He has set up PSRemoting. Explanation:Cameron has enabled PowerShell remote access, known as PSRemoting, and has configured it to allow unencrypted sessions using basic auth. This configuration should worry any Windows administrator who finds it!
Q117.
Mike discovers a number of information exposure vulnerabilities while preparing for the exploit phase of a penetration test. If he has not been able to identify user or service information beyond vulnerability details, what priority should he place on exploiting them?

a.

High priority; exploit early.

b.

Medium priority; exploit after other system and service exploits have been attempted.

c.

Low priority; only exploit if time permits.

d.

Do not exploit; information exposure exploits are not worth conducting.

Discuss
Answer: (a).High priority; exploit early. Explanation:Although it may seem odd, exploiting information gathering exploits early can help provide useful information for other exploits. In addition, most information gathering exploits leave very little evidence and can provide information on service configurations and user accounts, making them a very useful tool in a situation like the scenario described.
Q118.
Annie is using a collection of leaked passwords to attempt to log in to multiple user accounts belonging to staff of the company she is penetration testing. The tool she is using attempts to log into each account using a single password, then moves on to the next password, recording failures and successes. What type of attack is Annie conducting?

a.

A firehose attack

b.

Password spraying

c.

Pass the hash

d.

A cloned password attack

Discuss
Answer: (b).Password spraying Explanation:Annie is using a password spraying attack, which uses the same password against a variety of accounts, then tries the next password in a series, continuing through each password in its list for all the targeted accounts. Pass-the-hash attacks use captured hashes to attempt to use existing sessions.
Q119.
Jacob wants to capture user hashes on a Windows network. Which tool could he select to gather these from broadcast messages?

a.

Metasploit

b.

Responder

c.

Impacket

d.

Wireshark

Discuss
Answer: (c).Impacket Explanation:Metasploit’s SMB capture mode, Responder, and Wireshark can all capture SMB hashes from broadcasts. Impacket doesn’t build this capability in but provides a wide range of related tools, including the ability to authenticate with hashes once you have captured them. If you’re wondering about encountering this type of question on the exam, remember to eliminate the answers you are sure of to reduce the number of remaining options. Here, you can likely guess that Metasploit has a module for this, and Wireshark is a packet capture tool, so capturing broadcast traffic may require work but would be possible. Now you’re down to a 50/50 chance!
Q120.
Madhuri has been asked to run BloodHound as part of her penetration testing efforts. What will she be able to do with the tool?

a.

Visualize Active Directory environments.

b.

Capture encrypted network traffic.

c.

Visualize network traffic flows.

d.

Find encrypted files in network share drives.

Discuss
Answer: (a).Visualize Active Directory environments. Explanation:BloodHound ingests Active Directory forest or tree data and displays, allowing penetration testers to visualize the data and analyze it by looking for elements like privileged accounts. It does not capture encrypted network traffic, visualize network flows, or search for encrypted files on shared drives.
Page 12 of 13

Suggested Topics

Are you eager to expand your knowledge beyond CompTIA PenTest+ Certification Exam PT0 002? We've curated a selection of related categories that you might find intriguing.

Click on the categories below to discover a wealth of MCQs and enrich your understanding of Computer Science. Happy exploring!

MS Office

Master the suite of productivity tools with our MS Office MCQs. From Word and Excel...

MATLAB

Hone your computational mathematics skills with our MATLAB MCQs. Understand...

Computer Hardware

Explore the tangible components of computers with our Computer Hardware MCQs. Learn...

C# programming

Hone your skills in the C# language with our MCQs. Understand data types, operators,...

Embedded Systems

Dive into the world of specialized computing systems with our Embedded Systems MCQs....

Data Warehousing and OLAP

Strengthen your knowledge of Data Warehousing and OLAP with our specialized MCQs....

SQL Server

Master Microsoft's database server with our SQL Server MCQs. Topics cover database...

Object Oriented Programming

Enhance your coding skills with our Object Oriented Programming MCQs. Understand...

Digital Logic Design

Understand the foundation of digital computers with our Digital Logic Design MCQs....